SonicWALL has released a new firmware version for the SonicWALL firewall UTM appliances. This minor release of the SonicOS Enhanced firmware provides fixes and/or security updates for your SonicWALL firewall. The current release fixes the following problems:

Symptom:

SonicOS management SessionID brute force vulnerability when attempted from the same source IP as a legitimate administrator's active management session.

Fix / Workaround:

Occurs when the brute force attacker finds the legitimate SessionID, which is valid for use only from the source IP of the legitimate administrator during an active session, from one of 4,294,967,296 possible SessionIDs (a session is active between the time the legitimate administrator logs on and off). The SessionID security enhancement requires the attacker to guess the legitimate SessionID from one of 340,282,366,920,938,463,463,374,607,431,768,211,456 possible SessionIDs, and therefore requires an attack on an active administrative session, from the same source IP as the administrator, to last 2,697,570,767,701,495,615,277,217,349,632 years.
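
The following Python sketch is an added example, not SonicWALL's code: it models a SessionID that is accepted only from the administrator's source IP while the session is active, and compares the time needed to try every ID in the old and new ID spaces. The `SessionStore` class, the `years_to_exhaust` function, the 365-day year and the rate of 4 guesses per second are assumptions; that rate was chosen because it reproduces the leading digits of the figure quoted above. The IP addresses are constructed documentation addresses.

```python
import hmac
import secrets

SECONDS_PER_YEAR = 365 * 24 * 60 * 60  # assumption: 365-day year


def years_to_exhaust(bits, guesses_per_second):
    """Whole years needed to try every SessionID in a 2**bits space."""
    return (2 ** bits) // (guesses_per_second * SECONDS_PER_YEAR)


class SessionStore:
    """Hypothetical management-session store (illustration only)."""

    def __init__(self, id_bytes=16):
        self.id_bytes = id_bytes   # 16 bytes = 128-bit SessionID
        self._sessions = {}        # source IP -> active SessionID

    def login(self, source_ip):
        # Draw the ID from the OS CSPRNG so every value is equally likely.
        session_id = secrets.token_hex(self.id_bytes)
        self._sessions[source_ip] = session_id
        return session_id

    def logout(self, source_ip):
        # The session stops being guessable once the administrator logs off.
        self._sessions.pop(source_ip, None)

    def is_valid(self, source_ip, presented_id):
        # A SessionID is only accepted from the IP it was issued to.
        expected = self._sessions.get(source_ip)
        if expected is None:
            return False
        # Constant-time comparison avoids leaking how many characters match.
        return hmac.compare_digest(expected.encode("utf-8"),
                                   presented_id.encode("utf-8"))


if __name__ == "__main__":
    store = SessionStore()
    sid = store.login("192.0.2.10")
    print("same IP, correct ID :", store.is_valid("192.0.2.10", sid))
    print("other IP, correct ID:", store.is_valid("198.51.100.7", sid))
    print("32-bit space, years :", years_to_exhaust(32, 4))
    print("128-bit space, years:", years_to_exhaust(128, 4))
```

At the assumed rate the 32-bit space is exhausted in decades rather than the 31-digit number of years needed for the 128-bit space, which is why the ID length matters even with the source-IP restriction in place.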